From dfe6bcf57684734f559e9e8ab67dd9e0fbeb0bef Mon Sep 17 00:00:00 2001 From: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com> Date: Wed, 26 Nov 2025 19:39:43 -0500 Subject: [PATCH 1/2] Add tooltip for OTP --- docs/_tooltips/otp.mdx | 1 + docs/getting-started/quickstart.expo.mdx | 2 +- .../configure/auth-strategies/oauth/overview.mdx | 2 +- .../auth-strategies/sign-up-sign-in-options.mdx | 4 ++-- .../customizing-clerk/elements/examples/primitives.mdx | 2 +- .../customizing-clerk/elements/examples/shadcn-ui.mdx | 2 +- docs/guides/customizing-clerk/elements/overview.mdx | 2 +- .../customizing-clerk/elements/reference/common.mdx | 2 +- .../custom-flows/account-updates/add-email.mdx | 6 +++--- .../custom-flows/account-updates/add-phone.mdx | 6 +++--- .../account-updates/manage-sms-based-mfa.mdx | 2 +- .../custom-flows/authentication/email-password.mdx | 10 +++++----- .../custom-flows/authentication/email-sms-otp.mdx | 10 +++++----- .../custom-flows/authentication/legal-acceptance.mdx | 4 ++-- docs/guides/development/custom-flows/overview.mdx | 4 ++-- docs/guides/development/testing/overview.mdx | 2 +- .../development/testing/test-emails-and-phones.mdx | 4 ++-- .../troubleshooting/email-deliverability.mdx | 2 +- docs/guides/secure/client-trust.mdx | 6 +++--- docs/guides/secure/password-protection-and-rules.mdx | 2 +- docs/reference/backend/user/disable-user-mfa.mdx | 2 +- docs/reference/javascript/sign-in.mdx | 2 +- docs/reference/javascript/sign-up.mdx | 2 +- 23 files changed, 41 insertions(+), 40 deletions(-) create mode 100644 docs/_tooltips/otp.mdx diff --git a/docs/_tooltips/otp.mdx b/docs/_tooltips/otp.mdx new file mode 100644 index 0000000000..94487fe9fa --- /dev/null +++ b/docs/_tooltips/otp.mdx @@ -0,0 +1 @@ +An **OTP** stands for one-time password and is a code that is used to authenticate a user. The OTP is typically sent to a user's email address or phone number and must be entered within a certain time period to be valid. 
diff --git a/docs/getting-started/quickstart.expo.mdx b/docs/getting-started/quickstart.expo.mdx index c064f6404f..503a463309 100644 --- a/docs/getting-started/quickstart.expo.mdx +++ b/docs/getting-started/quickstart.expo.mdx @@ -169,7 +169,7 @@ sdk: expo await signUp.prepareEmailAddressVerification({ strategy: 'email_code' }) // Set 'pendingVerification' to true to display second form - // and capture OTP code + // and capture code setPendingVerification(true) } catch (err) { // See https://clerk.com/docs/guides/development/custom-flows/error-handling diff --git a/docs/guides/configure/auth-strategies/oauth/overview.mdx b/docs/guides/configure/auth-strategies/oauth/overview.mdx index 825a818bb3..45c6be6d6e 100644 --- a/docs/guides/configure/auth-strategies/oauth/overview.mdx +++ b/docs/guides/configure/auth-strategies/oauth/overview.mdx @@ -29,7 +29,7 @@ Rather than asking for a username and password for each social media platform, w > > - **Automated logins and security controls**: even if an app had your credentials, it would need to sign in as you through an automated script. However, many authentication systems detect and block scripted logins to protect against bots and abuse. OAuth provides a standardized way to grant access without bypassing these controls. > -> - **Modern authentication**: many platforms now require additional security measures beyond just a username and password, such as multi-factor authentication (MFA), one-time passwords (OTPs), or passkeys. OAuth is designed to work with these modern authentication methods, ensuring secure access without compromising the user's account. +> - **Modern authentication**: many platforms now require additional security measures beyond just a username and password, such as multi-factor authentication (MFA), one-time passwords ([OTPs](!otp)), or passkeys. OAuth is designed to work with these modern authentication methods, ensuring secure access without compromising the user's account. ## Key terminology 
diff --git a/docs/guides/configure/auth-strategies/sign-up-sign-in-options.mdx b/docs/guides/configure/auth-strategies/sign-up-sign-in-options.mdx index 3d1a8f537c..46b208bdb4 100644 --- a/docs/guides/configure/auth-strategies/sign-up-sign-in-options.mdx +++ b/docs/guides/configure/auth-strategies/sign-up-sign-in-options.mdx @@ -38,7 +38,7 @@ SMS functionality is restricted to phone numbers from countries enabled on your ### SMS allowlist -SMS functionality, including SMS OTPs, is restricted to phone numbers from countries that are enabled on your SMS allowlist. This can be useful for avoiding extraneous SMS fees from countries from which your app is not expected to attract traffic. +SMS functionality, including SMS [OTPs](!otp), is restricted to phone numbers from countries that are enabled on your SMS allowlist. This can be useful for avoiding extraneous SMS fees from countries from which your app is not expected to attract traffic. Every instance starts off with a default set of enabled SMS country tiers. To tailor it to your needs: @@ -48,7 +48,7 @@ Every instance starts off with a default set of enabled SMS country tiers. To ta If a country is disabled, then phone numbers starting with the corresponding country calling code: -- Cannot receive OTPs and a request to receive an OTP will be rejected with an error +- Cannot receive [OTPs](!otp) and a request to receive an OTP will be rejected with an error - Cannot receive notifications for password or passkey modifications - Cannot be used upon sign-up - Cannot be added to an existing user profile diff --git a/docs/guides/customizing-clerk/elements/examples/primitives.mdx b/docs/guides/customizing-clerk/elements/examples/primitives.mdx index 65c590b047..668261ad01 100644 --- a/docs/guides/customizing-clerk/elements/examples/primitives.mdx +++ b/docs/guides/customizing-clerk/elements/examples/primitives.mdx 
@@ -5,7 +5,7 @@ description: Example implementations using Clerk Elements primitives. ## OTP Input -The following example demonstrates how to use the `otp` input type with the render prop to create a custom OTP input field for phone and email codes, that is animated with Framer Motion. +The following example demonstrates how to use the `otp` input type with the render prop to create a custom one-time password ([OTP](!otp)) input field for phone and email codes, that is animated with Framer Motion. ```tsx {{ title: 'OTP Input', collapsible: true }} ` -A special type used to render an input that accepts a one-time passcode (OTP). If the corresponding `` has `name="code"`, the child `` will default to the `otp` type. Only numbers are accepted as inputs, and the default max length is 6. +A special type used to render an input that accepts a one-time passcode ([OTP](!otp)). If the corresponding `` has `name="code"`, the child `` will default to the `otp` type. Only numbers are accepted as inputs, and the default max length is 6. By default, a single text `` will be rendered. If provided, the `render` prop will be called for each character present in the input. This enables UI patterns where an OTP input is visually represented as N distinct elements. diff --git a/docs/guides/development/custom-flows/account-updates/add-email.mdx b/docs/guides/development/custom-flows/account-updates/add-email.mdx index d44ac5a792..8dbbf09321 100644 --- a/docs/guides/development/custom-flows/account-updates/add-email.mdx +++ b/docs/guides/development/custom-flows/account-updates/add-email.mdx @@ -83,7 +83,7 @@ Then skip to the [Email link verification](#email-link-verification) section. emailAddress?.prepareVerification({ strategy: 'email_code' }) // Set to true to display second form - // and capture the OTP code + // and capture the code setIsVerifying(true) } catch (err) { // See https://clerk.com/docs/guides/development/custom-flows/error-handling 
@@ -120,7 +120,7 @@ Then skip to the [Email link verification](#email-link-verification) section. ) } - // Display the verification form to capture the OTP code + // Display the verification form to capture the code if (isVerifying) { return ( <> @@ -217,7 +217,7 @@ Then skip to the [Email link verification](#email-link-verification) section. .prepareVerification(strategy: .emailCode) // Set to true to display second form - // and capture the OTP code + // and capture the code isVerifying = true } catch { // See https://clerk.com/docs/guides/development/custom-flows/error-handling diff --git a/docs/guides/development/custom-flows/account-updates/add-phone.mdx b/docs/guides/development/custom-flows/account-updates/add-phone.mdx index df01f19de4..daebb03b1e 100644 --- a/docs/guides/development/custom-flows/account-updates/add-phone.mdx +++ b/docs/guides/development/custom-flows/account-updates/add-phone.mdx @@ -74,7 +74,7 @@ To use phone number verification, you first need to enable it for your applicati phoneNumber?.prepareVerification() // Set to true to display second form - // and capture the OTP code + // and capture the code setIsVerifying(true) } catch (err) { // See https://clerk.com/docs/guides/development/custom-flows/error-handling @@ -111,7 +111,7 @@ To use phone number verification, you first need to enable it for your applicati ) } - // Display the verification form to capture the OTP code + // Display the verification form to capture the code if (isVerifying) { return ( <> @@ -208,7 +208,7 @@ To use phone number verification, you first need to enable it for your applicati .prepareVerification() // Set to true to display second form - // and capture the OTP code + // and capture the code isVerifying = true } catch { // See https://clerk.com/docs/guides/development/custom-flows/error-handling 
diff --git a/docs/guides/development/custom-flows/account-updates/manage-sms-based-mfa.mdx b/docs/guides/development/custom-flows/account-updates/manage-sms-based-mfa.mdx index b6a2cda926..2609a44023 100644 --- a/docs/guides/development/custom-flows/account-updates/manage-sms-based-mfa.mdx +++ b/docs/guides/development/custom-flows/account-updates/manage-sms-based-mfa.mdx @@ -284,7 +284,7 @@ One of the options that Clerk supports for MFA is **SMS verification codes**. Th phoneNumber?.prepareVerification() // Set to true to display second form - // and capture the OTP code + // and capture the code setIsVerifying(true) } catch (err) { // See https://clerk.com/docs/guides/development/custom-flows/error-handling diff --git a/docs/guides/development/custom-flows/authentication/email-password.mdx b/docs/guides/development/custom-flows/authentication/email-password.mdx index f52726d89f..fa130b1302 100644 --- a/docs/guides/development/custom-flows/authentication/email-password.mdx +++ b/docs/guides/development/custom-flows/authentication/email-password.mdx @@ -66,7 +66,7 @@ This guide will walk you through how to build a custom email/password sign-up an }) // Set 'verifying' true to display second form - // and capture the OTP code + // and capture the code setVerifying(true) } catch (err: any) { // See https://clerk.com/docs/guides/development/custom-flows/error-handling @@ -117,7 +117,7 @@ This guide will walk you through how to build a custom email/password sign-up an } } - // Display the verification form to capture the OTP code + // Display the verification form to capture the code if (verifying) { return ( <> 
@@ -324,7 +324,7 @@ This guide will walk you through how to build a custom email/password sign-up an await signUp.prepareEmailAddressVerification({ strategy: 'email_code' }) // Set 'pendingVerification' to true to display second form - // and capture OTP code + // and capture code setPendingVerification(true) } catch (err) { // See https://clerk.com/docs/guides/development/custom-flows/error-handling @@ -431,7 +431,7 @@ This guide will walk you through how to build a custom email/password sign-up an var body: some View { if isVerifying { - // Display the verification form to capture the OTP code + // Display the verification form to capture the code TextField("Enter your verification code", text: $code) Button("Verify") { Task { await verify(code: code) } @@ -458,7 +458,7 @@ This guide will walk you through how to build a custom email/password sign-up an try await signUp.prepareVerification(strategy: .emailCode) // Set 'isVerifying' true to display second form - // and capture the OTP code + // and capture the code isVerifying = true } catch { // See https://clerk.com/docs/guides/development/custom-flows/error-handling diff --git a/docs/guides/development/custom-flows/authentication/email-sms-otp.mdx b/docs/guides/development/custom-flows/authentication/email-sms-otp.mdx index 35e13d2555..d44f015b57 100644 --- a/docs/guides/development/custom-flows/authentication/email-sms-otp.mdx +++ b/docs/guides/development/custom-flows/authentication/email-sms-otp.mdx 
@@ -5,7 +5,7 @@ description: Learn how build a custom email or SMS one time code (OTP) authentic -Clerk supports passwordless authentication, which lets users sign in and sign up without having to remember a password. Instead, users receive a one-time password (OTP), also known as a one-time code, via email or SMS, which they can use to authenticate themselves. +Clerk supports passwordless authentication, which lets users sign in and sign up without having to remember a password. Instead, users receive a one-time password ([OTP](!otp)) via email or SMS, which they can use to authenticate themselves. This guide will walk you through how to build a custom SMS OTP sign-up and sign-in flow. The process for using email OTP is similar, and the differences will be highlighted throughout. @@ -14,14 +14,14 @@ This guide will walk you through how to build a custom SMS OTP sign-up and sign- ## Enable SMS OTP - To use SMS OTP, you first need to enable it for your application. + To use SMS [OTP](!otp), you first need to enable it for your application. 1. In the Clerk Dashboard, navigate to the [**User & authentication**](https://dashboard.clerk.com/~/user-authentication/user-and-authentication) page. 1. Select the **Phone** tab and enable **Sign-up with phone** and **Sign-in with phone** and keep the default settings. ## Sign-up flow - To sign up a user using an OTP, you must: + To sign up a user using an [OTP](!otp), you must: 1. Initiate the sign-up process by collecting the user's identifier, which for this example is a phone number. 1. Prepare the verification, which sends a one-time code to the given identifier. 
@@ -488,11 +488,11 @@ This guide will walk you through how to build a custom SMS OTP sign-up and sign- - To create a sign-up flow for email OTP, use the [`prepareEmailAddressVerification`](/docs/reference/javascript/sign-up#prepare-email-address-verification) and [`attemptEmailAddressVerification`](/docs/reference/javascript/sign-up#attempt-email-address-verification). These helpers work the same way as their phone number counterparts do in the previous example. You can find all available methods in the [`SignUp`](/docs/reference/javascript/sign-in) object documentation. + To create a sign-up flow for email [OTP](!otp), use the [`prepareEmailAddressVerification`](/docs/reference/javascript/sign-up#prepare-email-address-verification) and [`attemptEmailAddressVerification`](/docs/reference/javascript/sign-up#attempt-email-address-verification). These helpers work the same way as their phone number counterparts do in the previous example. You can find all available methods in the [`SignUp`](/docs/reference/javascript/sign-in) object documentation. ## Sign-in flow - To authenticate a user with an OTP, you must: + To authenticate a user with an [OTP](!otp), you must: 1. Initiate the sign-in process by creating a `SignIn` using the identifier provided, which for this example is a phone number. 1. Prepare the first factor verification. diff --git a/docs/guides/development/custom-flows/authentication/legal-acceptance.mdx b/docs/guides/development/custom-flows/authentication/legal-acceptance.mdx index f42e596abc..cef3aeb6c0 100644 --- a/docs/guides/development/custom-flows/authentication/legal-acceptance.mdx +++ b/docs/guides/development/custom-flows/authentication/legal-acceptance.mdx @@ -56,7 +56,7 @@ export default function Page() { }) // Set 'verifying' true to display second form - // and capture the OTP code + // and capture the code setVerifying(true) } catch (err: any) { // See https://clerk.com/docs/guides/development/custom-flows/error-handling 
@@ -107,7 +107,7 @@ export default function Page() { } } - // Display the verification form to capture the OTP code + // Display the verification form to capture the code if (verifying) { return ( <> diff --git a/docs/guides/development/custom-flows/overview.mdx b/docs/guides/development/custom-flows/overview.mdx index 13762ed4a4..cfe8ca6652 100644 --- a/docs/guides/development/custom-flows/overview.mdx +++ b/docs/guides/development/custom-flows/overview.mdx 
@@ -18,7 +18,7 @@ Before building custom authentication flows, read the following sections to get The [`SignUp`](/docs/reference/javascript/sign-up) object is the pivotal concept in the sign-up process. It is used to gather the user's information, verify their email address or phone number, add OAuth accounts, and finally, convert them into a [`User`](/docs/reference/javascript/user). -Every `SignUp` must meet specific requirements before being converted into a `User`. These requirements are defined by the instance settings you selected in the [Clerk Dashboard](https://dashboard.clerk.com/). For example, on the [**User & authentication**](https://dashboard.clerk.com/~/user-authentication/user-and-authentication) page, you can [configure email and password, email links, or SMS OTP as authentication strategies](/docs/guides/configure/auth-strategies/sign-up-sign-in-options). +Every `SignUp` must meet specific requirements before being converted into a `User`. These requirements are defined by the instance settings you selected in the [Clerk Dashboard](https://dashboard.clerk.com/). For example, on the [**User & authentication**](https://dashboard.clerk.com/~/user-authentication/user-and-authentication) page, you can [configure email and password, email links, or SMS codes as authentication strategies](/docs/guides/configure/auth-strategies/sign-up-sign-in-options). Once all requirements are met, the `SignUp` will turn into a new `User`, and an active session for that `User` will be created on the current [`Client`](/docs/reference/javascript/client). 
@@ -83,7 +83,7 @@ Sign-ins are initiated by creating a `SignIn` object on the current `Client`. If The following steps outline the sign-in process: 1. Initiate the sign-in process by collecting the user's authentication information and passing the appropriate parameters to the [`create()`](/docs/reference/javascript/sign-in#create) method. -1. Prepare the first factor verification. Users must complete a first factor verification to prove their identity. This can be something like providing a password, an email link, a one-time code (OTP), a Web3 wallet address, or providing proof of their identity through an external social account (SSO/OAuth). +1. Prepare the first factor verification. Users must complete a first factor verification to prove their identity. This can be something like providing a password, an email link, a one-time password ([OTP](!otp)), a Web3 wallet address, or providing proof of their identity through an external social account (SSO/OAuth). 1. Attempt to complete the first factor verification. 1. Optionally, if you have enabled [multi-factor](/docs/guides/configure/auth-strategies/sign-up-sign-in-options) for your application, you will need to prepare the second factor verification for users who have set up 2FA for their account. 1. Attempt to complete the second factor verification. diff --git a/docs/guides/development/testing/overview.mdx b/docs/guides/development/testing/overview.mdx index 16319618ee..cb806858d4 100644 --- a/docs/guides/development/testing/overview.mdx +++ b/docs/guides/development/testing/overview.mdx 
@@ -7,7 +7,7 @@ Testing is an important part of every application. Each framework may require a ## Test with one time passcodes -To avoid sending an email or SMS message with a one time passcode (OTP) during testing, you can use a fake email address or phone number that has a fixed code. Read the complete documentation [here](/docs/guides/development/testing/test-emails-and-phones). +To avoid sending an email or SMS message with a one-time password ([OTP](!otp)) during testing, you can use a fake email address or phone number that has a fixed code. Read the complete documentation [here](/docs/guides/development/testing/test-emails-and-phones). ## Get a valid session token diff --git a/docs/guides/development/testing/test-emails-and-phones.mdx b/docs/guides/development/testing/test-emails-and-phones.mdx index c58d4f91fc..7a066c4016 100644 --- a/docs/guides/development/testing/test-emails-and-phones.mdx +++ b/docs/guides/development/testing/test-emails-and-phones.mdx @@ -3,7 +3,7 @@ title: Test emails and phones description: Write end to end tests by simulating OTP verifications. --- -Most of Clerk's sign-in and sign-up flows involve verifying ownership of an email address or phone number via a [one time passcode (OTP)](/docs/guides/development/custom-flows/authentication/email-sms-otp). To confirm that your integration works correctly, you can simulate verification flows without sending an email or SMS, by using reserved values in test mode. +Most of Clerk's sign-in and sign-up flows involve verifying ownership of an email address or phone number via a [one time-password (OTP)](/docs/guides/development/custom-flows/authentication/email-sms-otp). To confirm that your integration works correctly, you can simulate verification flows without sending an email or SMS, by using reserved values in test mode. Verification messages are used during sign-up, sign-in, and when adding an email address or phone number to an existing account. 
@@ -11,7 +11,7 @@ Verification messages are used during sign-up, sign-in, and when adding an email If Clerk is used to deliver SMS messages and/or emails for your development instance, a maximum of 20 SMS messages and 100 emails can be delivered per calendar month. -After that, requests resulting in OTP SMS messages and/or emails will be rejected. Other SMS or email notifications will still produce a webhook but won't be sent to the target address. +After that, requests resulting in SMS and/or email [OTPs](!otp) will be rejected. Other SMS or email notifications will still produce a webhook but won't be sent to the target address. The following cases do not count toward the limit: diff --git a/docs/guides/development/troubleshooting/email-deliverability.mdx b/docs/guides/development/troubleshooting/email-deliverability.mdx index cb0a126b88..6033374915 100644 --- a/docs/guides/development/troubleshooting/email-deliverability.mdx +++ b/docs/guides/development/troubleshooting/email-deliverability.mdx 
@@ -75,7 +75,7 @@ The most common issue with Clerk's verification emails is that they are "delayed Microsoft Defender's aggressive anti-spam filters are the most common reason that verification emails might not reach certain Outlook inboxes. -In the event that an email does not reach an Outlook recipient at all, this most likely means they are placed in Quarantine and the workspace's administrator has been able to restore it. If you encounter this issue, try switching to OTP codes instead of email links, since they tend to have better deliverability with Outlook. +In the event that an email does not reach an Outlook recipient at all, this most likely means they are placed in Quarantine and the workspace's administrator has been able to restore it. If you encounter this issue, try switching to [OTP](!otp) codes instead of email links, since they tend to have better deliverability with Outlook. Another thing you can do is sign up for [Sender Support](https://sendersupport.olc.protection.outlook.com/snds/FAQ.aspx), and make sure you're following all of their best practices. diff --git a/docs/guides/secure/client-trust.mdx b/docs/guides/secure/client-trust.mdx index b53e8349b4..31e4afeb10 100644 --- a/docs/guides/secure/client-trust.mdx +++ b/docs/guides/secure/client-trust.mdx @@ -12,7 +12,7 @@ When Client Trust is enabled, Clerk treats every new device as untrusted until t Client Trust automatically requires a second factor when **all of the following conditions are met**: 1. The user enters a **valid password**. -1. The user **hasn't enabled multi-factor authentication (MFA)**. +1. The user **hasn't enabled [multi-factor authentication (MFA)](/docs/guides/configure/auth-strategies/sign-up-sign-in-options#multi-factor-authentication)**. 1. The user is signing in from a **new device**. When these conditions are met, Clerk sends a one-time verification code to the user's email address or phone number. The user must enter this code to complete the sign-in process. 
@@ -38,7 +38,7 @@ Client Trust is automatically enabled for Clerk applications created after Novem ## Impact on custom sign-in flows -If you've built a custom sign-in flow that allows password-based sign-ins using the Clerk API or SDKs, you'll need to handle the `needs_second_factor` status that Client Trust can trigger. +If you've built a [custom sign-in flow](!custom-flow) that allows password-based sign-ins using the Clerk API or SDKs, you'll need to handle the `needs_second_factor` status that Client Trust can trigger. When Client Trust requires verification, the sign-in attempt will return a status of `needs_second_factor` with `email_code` in the `supportedSecondFactors` array. Your flow should: @@ -56,5 +56,5 @@ For a complete implementation example, see the [email/password custom flow guide ## Limitations -- **Password-only**: Client Trust only applies to password-based sign-ins. Passwordless authentication methods (such as email links, OTPs, passkeys, and OAuth) are not affected. +- **Password-only**: Client Trust only applies to password-based sign-ins. Passwordless authentication methods (such as email links, [OTPs](!otp), passkeys, and OAuth) are not affected. - **Email/Phone number required**: Client Trust requires the user to have a verified email address or phone number to receive the verification code. diff --git a/docs/guides/secure/password-protection-and-rules.mdx b/docs/guides/secure/password-protection-and-rules.mdx index 2a23883b24..a1217d1627 100644 --- a/docs/guides/secure/password-protection-and-rules.mdx +++ b/docs/guides/secure/password-protection-and-rules.mdx 
@@ -31,7 +31,7 @@ When the user provides the correct password, if it has been found in online brea - The user was migrated to Clerk along with their existing password digest > [!NOTE] -> Password reset for compromised passwords uses the same flow as "forgot password". The user will need to authenticate first via an OTP code sent to their email or phone and only then they will be able to set a new — more secure — password. +> Password reset for compromised passwords uses the same flow as "forgot password". The user will need to authenticate first via an [OTP](!otp) code sent to their email or phone and only then they will be able to set a new — more secure — password. To configure this feature: diff --git a/docs/reference/backend/user/disable-user-mfa.mdx b/docs/reference/backend/user/disable-user-mfa.mdx index 96cf711405..b6df9d60f3 100644 --- a/docs/reference/backend/user/disable-user-mfa.mdx +++ b/docs/reference/backend/user/disable-user-mfa.mdx @@ -6,7 +6,7 @@ sdk: js-backend {/* clerk/javascript file: https://github.com/clerk/javascript/blob/main/packages/backend/src/api/endpoints/UserApi.ts#L206 */} -Disable all of a user's MFA methods (e.g. OTP sent via SMS, TOTP on their authenticator app) at once. +Disable all of a user's MFA methods (e.g. [OTP](!otp) sent via SMS, TOTP on their authenticator app) at once. ```ts function disableUserMFA(userId: string): Promise diff --git a/docs/reference/javascript/sign-in.mdx b/docs/reference/javascript/sign-in.mdx index 3c037f7628..729d63de39 100644 --- a/docs/reference/javascript/sign-in.mdx +++ b/docs/reference/javascript/sign-in.mdx 
@@ -9,7 +9,7 @@ The `SignIn` object holds the state of the current sign-in and provides helper m The following steps outline the sign-in process: 1. Initiate the sign-in process by collecting the user's authentication information and passing the appropriate parameters to the [`create()`](#create) method. -1. Prepare the first factor verification by calling [`SignIn.prepareFirstFactor()`](#prepare-first-factor). Users _must_ complete a first factor verification. This can be something like providing a password, an email link, a one-time code (OTP), a Web3 wallet address, or providing proof of their identity through an external social account (SSO/OAuth). +1. Prepare the first factor verification by calling [`SignIn.prepareFirstFactor()`](#prepare-first-factor). Users _must_ complete a first factor verification. This can be something like providing a password, an email link, a one-time password ([OTP](!otp)), a Web3 wallet address, or providing proof of their identity through an external social account (SSO/OAuth). 1. Attempt to complete the first factor verification by calling [`SignIn.attemptFirstFactor()`](#attempt-first-factor). 1. Optionally, if you have enabled [multi-factor](/docs/guides/configure/auth-strategies/sign-up-sign-in-options) for your application, you will need to prepare the second factor verification by calling [`SignIn.prepareSecondFactor()`](#prepare-second-factor). 1. Attempt to complete the second factor verification by calling [`SignIn.attemptSecondFactor()`](#attempt-second-factor). diff --git a/docs/reference/javascript/sign-up.mdx b/docs/reference/javascript/sign-up.mdx index a9cb7709e5..e803246f9a 100644 --- a/docs/reference/javascript/sign-up.mdx +++ b/docs/reference/javascript/sign-up.mdx 
@@ -706,7 +706,7 @@ function prepareEmailAddressVerification( ### `preparePhoneNumberVerification()` -Initiates a phone number verification process by sending a one-time verification code (OTP) via SMS to the phone number associated with the current sign-up attempt. This is a convenience method that wraps [`SignUp.prepareVerification()`](#prepare-verification) with the `'phone_code'` strategy. +Initiates a phone number verification process by sending a one-time verification code ([OTP](!otp)) via SMS to the phone number associated with the current sign-up attempt. This is a convenience method that wraps [`SignUp.prepareVerification()`](#prepare-verification) with the `'phone_code'` strategy. By default, this method is equivalent to calling `SignUp.prepareVerification({ strategy: 'phone_code' })`. The verification process will fail if the phone number is invalid, unreachable, or has already been verified. The sent verification code has a limited validity period and can only be used once. From 6c84dbab1520be2e2c59554f62c3c8c3b272d817 Mon Sep 17 00:00:00 2001 From: Alexis Aguilar <98043211+alexisintech@users.noreply.github.com> Date: Mon, 1 Dec 2025 15:36:38 -0500 Subject: [PATCH 2/2] Update docs/guides/development/testing/test-emails-and-phones.mdx Co-authored-by: Michael Novotny --- docs/guides/development/testing/test-emails-and-phones.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/development/testing/test-emails-and-phones.mdx b/docs/guides/development/testing/test-emails-and-phones.mdx index 7a066c4016..197ff5960f 100644 --- a/docs/guides/development/testing/test-emails-and-phones.mdx +++ b/docs/guides/development/testing/test-emails-and-phones.mdx 
@@ -3,7 +3,7 @@ title: Test emails and phones description: Write end to end tests by simulating OTP verifications. --- -Most of Clerk's sign-in and sign-up flows involve verifying ownership of an email address or phone number via a [one time-password (OTP)](/docs/guides/development/custom-flows/authentication/email-sms-otp). To confirm that your integration works correctly, you can simulate verification flows without sending an email or SMS, by using reserved values in test mode. +Most of Clerk's sign-in and sign-up flows involve verifying ownership of an email address or phone number via a [one-time password (OTP)](/docs/guides/development/custom-flows/authentication/email-sms-otp). To confirm that your integration works correctly, you can simulate verification flows without sending an email or SMS, by using reserved values in test mode. Verification messages are used during sign-up, sign-in, and when adding an email address or phone number to an existing account.
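Review bot: In the new docs/_tooltips/otp.mdx, the definition mentions expiry but not single use, and "An **OTP** stands for" reads awkwardly. The `preparePhoneNumberVerification()` text in sign-up.mdx already states that the code "has a limited validity period and can only be used once", so the tooltip should carry both properties, for example: "**OTP** stands for one-time password: a code used to authenticate a user that is valid for a limited time and can be used only once."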
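Review bot: In quickstart.expo.mdx (@@ -169) and the email-password.mdx hunk at @@ -324, the comment becomes `// and capture code`, while every other file in this patch uses `// and capture the code`. Add the article in those two places so the comments match.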
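Review bot: The expansion of OTP is not consistent across the touched lines. The tooltip and most hunks use "one-time password", but elements/reference/common.mdx keeps "one-time passcode ([OTP](!otp))", sign-up.mdx keeps "one-time verification code ([OTP](!otp))", and the testing/overview.mdx heading still reads "Test with one time passcodes" above a body that now says "one-time password". Since the tooltip defines the term, use its wording wherever the abbreviation is spelled out.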
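Review bot: In the email-sms-otp.mdx hunk at @@ -488, the rewritten line still links [`SignUp`] to /docs/reference/javascript/sign-in, although the two helpers in the same sentence link to /docs/reference/javascript/sign-up. Since this line is being edited anyway, point the `SignUp` link at the sign-up reference.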
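Review bot: The client-trust.mdx hunks go beyond the subject "Add tooltip for OTP": they add a link on the MFA condition and a `[custom sign-in flow](!custom-flow)` tooltip reference. The diffstat shows docs/_tooltips/otp.mdx as the only file created, so confirm that a `custom-flow` tooltip already exists, and either move these two changes to their own commit or mention them in the commit message.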
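Review bot: email-deliverability.mdx ("switching to [OTP](!otp) codes") and password-protection-and-rules.mdx ("an [OTP](!otp) code") keep the phrase "OTP code", which the rest of this patch removes from code comments and which reads as "one-time password code" once the tooltip expands it. Use "[OTPs](!otp)" and "an [OTP](!otp)" in those two sentences.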